Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
tgstation13 tgstation-server vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2020-16136
In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permission to download logs can download any file on the server machine (accessible by the owner of the server process) via directory traversal ../ sequences in /Administration/Logs/ requests. The attacker is unable ...
Tgstation13 Tgstation-server 4.4.0
Tgstation13 Tgstation-server 4.4.1
NA
CVE-2023-33198
tgstation-server is a production scale tool for BYOND server management. The DreamMaker API (DMAPI) chat channel cache can possibly be poisoned by a tgstation-server (TGS) restart and reattach. This can result in sending chat messages to one of any of the configured IRC or Discor...
Tgstation13 Tgstation-server
7.5
CVSSv2
CVE-2018-17107
In Tgstation tgstation-server 3.2.4.0 up to and including 3.2.1.0 (fixed in 3.2.5.0), active logins would be cached, allowing subsequent logins to succeed with any username or password.
Tgstation13 Tgstation-server
NA
CVE-2023-34243
TGstation is a toolset to manage production BYOND servers. In affected versions if a Windows user was registered in tgstation-server (TGS), an attacker could discover their username by brute-forcing the login endpoint with an invalid password. When a valid Windows logon was found...
Tgstation13 Tgstation-server
NA
CVE-2023-32687
tgstation-server is a toolset to manage production BYOND servers. Starting in version 4.7.0 and before 5.12.1, instance users with the list chat bots permission can read chat bot connections strings without the associated permission. This issue is patched in version 5.12.1. As a ...
Tgstation13 Tgstation-server
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started